Hello all: I’m considering obtaining the CISSP Cert, and I'm trying to get ‘realistic’ advice concerning the opportunities/options that the CISSP would provide me. I’m 48 years old, and I’m asking for any (brutally honest) advice concerning the realistic options that I have for securing a career in I.T. Security. (Probably Entry-Level) (I’ve been with Comcast for eight years/Four of those on the Senior-Help Desk) I currently have: Associates (IT) /Network +/Security +/Certified Ethical Hacker (CEH) and some experience with the OSCP. I found the OSCP to be very challenging. Any thoughts/insight on the difficulty of CISSP compared to the OSCP or CEH? I’m experiencing a sense of ‘urgency’ in securing a career, and am open to any/all options. I’m willing to relocate/travel 100%/Contract/etc. I’m looking into options such as: Incident Handler/Loss Prevention/Management/ I’m willing to spend a year (self-study) to obtain a CERT that will put me in the 50K to 70k range.

If you have any advice/resources/etc., I would certainly appreciate it. Thanks in advance, Michael. And yes, I really am an Ex-Circus Musician (Bass Guitar).

CISSP is a totally different animal than CEH or OSCP. CISSP has a management spin and is less technical, however you're expected to know technical details in some areas.

I actually just took the CISSP exam 2 days ago. Do NOT underestimate this cert. I always looked at it as a "read a book and pass the exam" type of cert. The reality is that there is a lot of information to remember for that exam. Quite frankly, if you don't have a decent amount of practical work experience in more than a few of the domains, it's going to be even harder. Dedicate serious time to CISSP if you're going to do it because you really have to understand all the concepts and how they fit together. That test was a bitch. Then again.....our buddy H1t M0nkey cranked out CISSP in 17 days which is pretty amazing.

CISSP is beloved by HR and hiring people. I just did a quick search on dice.com and there were 1361 jobs across the country. This is a valuable cert for your career. In comparison, there were 6 jobs for OSCP and 92 for CEH.

I won't get into the debate on which is more valuable for your brain....we'll leave that for another thread.

Look at the 10 common bodies of knowledge for CISSP, do you have at least 5 years experience in at least 2 of them? Another CISSP will have to vouch for that experience. If you don't have that, you'll be put into CISSP purgatory until you satisfy the practical work experience. If you do, I would say go for it because as you can see by the job numbers, there are plenty of them.

Then again.....our buddy H1t M0nkey cranked out CISSP in 17 days which is pretty amazing.

Yes, but I did GSEC a year before CISSP and they both cover similar material. I didn't have any life in these 17 days: Waking up at 4:30am to study before work then studying again every single evening until 11:00pm (so about 5 hours a day, more on weekends). It took me a full month to recover from this crazy pace.

I'm in a similar situation to the OP. Mid 40's, multiple certs and a good bit of computer experience just not in the domains I want to work in.

I decided to go for the CISSP now because almost every juicy position I see has that same 5 letter certification either required or recommended. I would MUCH rather work on my OSCP or take Joe McCray's Advanced CAST class but the CISSP looks to open more doors for me than almost anything else right now.

To give you perspective on my current study habits - I read a domain in both Kurtz/Vines and Conrad's newest 11th hour guide to get a general feel for the topics. Then hit the AIOv5 and OSG2 to fill in the gaps, then take a 250 question quiz on just that domain on cccure to see what I didn't pick up. So far so good - been doing this since late June for maybe 10-15 hours a week. It's really opened my eyes to what I didn't know existed in the security realm.

I'm going to try and take the test in either October or November depending on how much of my time has to go to projects at work.

BTW - any advice on tweaks to my study habits from you CISSP'ers would be great!

The only thing I would recommend is making sure that you don't rely on the cccure tests. This may seem obvious, but understand the CONCEPTS behind the questions because none of the practice tests you'll take are like the real exam. Those tests DO help to a certain degree, but by no means the end all be all. The exam requires you to understand concepts for the most part. Of course they sprinkle in some specific/granular stuff just to make you crazy.

I think you're being smart by reading multiple sources and being methodical and diligent. That is a recipe for success.

cd1zz is right, no practice questions are like the real exam and that is a real shame. I bought practice questions from cccure.org, did the ones that came from Shon Harris's book (even bought the extra questions from her), did more on another book and above all, I bought the expensive questions from ISC2! All in all, I answered about 1600 practice questions from 4 different sources.

I was pissed to see the exam is different. Most questions (about 70%) are in the type: "Which answer is the BEST", "What would you do FIRST", etc. It means more than one answer is correct, you need to find the best one...

The other difference was that in the exam, they will sometimes use different wording than you are used to. I think their goal is to see if you can talk to an executive who knows nothing about security and describe concepts in his own words. So for example, expect to see "pre-shared key" or "secret key" instead of "symmetric key". This drove me crazy in the exam...

I'm going to try and take the test in either October or November depending on how much of my time has to go to projects at work.

@maxpeck: Don't forget you cannot take the exam when you want like SANS. Where I live, they only give it 3 times a year. That's why I did it quickly, I didn't want to wait an extra 6 months to write it...

Thanks for all the pointers guys! The biggest reason I'm not rushing to get this cert is to make bloody sure I get the concepts as well as I can. I know this isn't a Micro$oft exam...

I have 3 testing areas relatively close so I'm good on the test dates, the one available in November should work out well.

I'm using the various practice tests to help me round out the subject matter more than anything else. Taking the end of chapter test from each book is nice but they ask a lot of specifics I know I won't be seeing in the same form on the big 6-hour hell-grind. That's one thing I'm dreading a lot - the LONG sit and sweat. I was uncomfortable when I took the CCNA for that very reason. After almost 3 hours sitting there I was so stressed I would have punched a nun in the face just to end it! Poor little nun...

A little late to the party but I think a couple items are illustrated that sum things up. I have been studying for the CISSP for about a year and the breadth is just unreal. I'd say most people, and this even means full time InfoSec types like us, only deal with 3-4 of the CISSP domains on a monthly basis. Even when you get roped in to random things, you may hit 5 or 6 of the domains. It's a bit odd to think that one exam contains a section on a question on how an s-box works in an encryption algorithm and then the next question is what type of fire prevention methods should be used in scenario A in a datacenter. The key point though as pointed out by cd1zz, if you want a resume booster, I can't think of much better than CISSP.